feat: on-chain proof verification test for c0 [skip-line-limit]

[hmzakhalid]

For CI to pass for this PR:

We need to merge #1320 and create a new release with the updated circuits.
Then update the circuits JSON files and proving keys (pk) under crates/zk-prover/tests/fixtures.
After that, rerun the CI and it should pass.

Summary by CodeRabbit

• New Features

  • On-chain proof verification support via new verifier contracts/artifacts
  • Keccak added as an oracle-hash option for proving and verification

• Tests

  • New on-chain integration and end-to-end prover tests
  • Consolidated shared test utilities and tests now use compiled circuit artifacts

• Chores

  • Renamed/reorganized proof and circuit identifiers for consistency
  • CI and build scripts reorganized for circuit build + e2e flow

• Bug Fixes

  • Accept numeric JSON values when parsing circuit inputs

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
crisp	Ready	Preview, Comment	Feb 19, 2026 3:56pm
enclave-docs	Ready	Preview, Comment	Feb 19, 2026 3:56pm

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

📝 Walkthrough

Walkthrough

Adds keccak oracle hashing to bb invocations, centralizes zk-prover test helpers and compiled-circuit usage, introduces an on-chain verification integration test (deploys ZKTranscriptLib + DkgPkVerifier to Anvil), updates Solidity artifacts and .gitignore, renames circuit/proof enums, and accepts numeric JSON inputs for circuits.

Changes

Cohort / File(s)	Summary
Oracle Hash Configuration crates/zk-prover/src/prover.rs	Added --oracle_hash keccak to both prove and verify bb binary invocations.
Test Helpers & Shared Fixtures crates/zk-prover/tests/common/helpers.rs, crates/zk-prover/tests/common/mod.rs	Added shared test helpers (find_bb, find_anvil, setup_test_prover, setup_compiled_circuit, test_backend) and re-exported them for tests.
Tests Updated to Use Common Helpers crates/zk-prover/tests/backend_tests.rs, crates/zk-prover/tests/integration_tests.rs, crates/zk-prover/tests/local_e2e_tests.rs, crates/zk-prover/tests/witness_tests.rs	Switched tests to use common helpers, removed duplicated local setup and one fixture-based test, and migrated tests toward compiled-circuit artifacts.
On-Chain Verification Test crates/zk-prover/tests/onchain_verification_tests.rs	New integration test: generate proof (ultra_honk + keccak), deploy/link ZKTranscriptLib and DkgPkVerifier to Anvil, and verify proof on-chain.
Solidity Artifacts & .gitignore packages/enclave-contracts/.gitignore, packages/enclave-contracts/artifacts/contracts/verifier/...	Updated .gitignore artifact whitelist rules; added DkgPkVerifier.json and ZKTranscriptLib.json artifacts (ABI, bytecode, linking/immutable refs).
Fixture Removal crates/zk-prover/tests/fixtures/pk.json	Removed the pk.json test fixture file.
Circuit & Proof Renames crates/events/src/enclave_event/proof.rs, crates/events/src/enclave_event/signed_proof.rs	Renamed and reindexed CircuitName and ProofType variants (e.g., ShareEncryption, DkgShareDecryption, DecryptedSharesAggregationBn/Mod); updated mappings and tests.
Provable Impl Adjustments crates/zk-prover/src/circuits/dkg/..., crates/zk-prover/src/circuits/threshold/...	Removed per-input resolve_circuit_name/valid_circuits in some circuits; updated circuit() returns to new CircuitName variants; added valid_circuits for aggregation (Bn/Mod).
JSON Input Parsing crates/zk-prover/src/circuits/utils.rs	Extended json_value_to_input_value to accept numeric JSON values (i64/u64) by parsing them into FieldElements.
CI & Build Scripts .github/workflows/ci.yml, scripts/build-circuits.ts, scripts/generate-verifiers.ts	Reworked CI jobs (renamed/removed jobs, added circuit build/upload and zk_prover_e2e) and added targeted nargo target-directory cleanup in build/generator scripts.
Integration Test Artifact Paths crates/tests/tests/integration.rs	Switched integration tests to copy compiled artifacts from circuits/bin/*/target instead of internal zk-prover fixtures.

Sequence Diagram

sequenceDiagram
    participant Test as On-Chain Test
    participant Prover as ZK Prover
    participant Anvil as Anvil Node
    participant Lib as ZKTranscriptLib
    participant Verifier as DkgPkVerifier

    Test->>Prover: request proof (PkCircuit, ultra_honk, --oracle_hash keccak)
    Prover-->>Test: returns proof bytes + public inputs

    Test->>Anvil: start local node / deploy contracts
    Anvil-->>Test: RPC ready

    Test->>Lib: deploy ZKTranscriptLib
    Anvil-->>Lib: lib deployed

    Test->>Verifier: link Lib into verifier bytecode & deploy verifier
    Anvil-->>Verifier: verifier deployed

    Test->>Verifier: call verify(proof, publicInputs)
    Verifier->>Lib: generateTranscript(proof, publicInputs)
    Lib-->>Verifier: transcript
    Verifier-->>Test: returns true

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

• refactor: missing circuits in zk-prover [skip-line-limit] #1317: overlapping renames and Provable selection logic changes for CircuitName/ProofType.
• feat: add sk_share and e_sm_share #1290: related refactor of ZK circuit naming/selection surface and Provable mappings.
• feat: add pk_trfv_generation_circuit to zk-prover #1281: related changes in zk-prover circuits and PK-generation areas used by tests.

Suggested labels

chore

Suggested reviewers

• ctrlc03
• 0xjei

Poem

🐰 I hopped through code with a curious squeak,
Keccak now hums where provers speak.
Helpers bundled, tests find their way,
Contracts linked and Anvil saves the day.
A rabbit cheers — green CI, hooray!

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 41.03% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title clearly describes the main change: adding an on-chain proof verification test for c0, which aligns with the new test file onchain_verification_tests.rs and related updates.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch feat/onchain-zk-verification

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 3

🤖 Fix all issues with AI agents

In `@crates/zk-prover/tests/common/helpers.rs`:
- Around line 55-57: The code uses env!("CARGO_TARGET_TMPDIR") which is a
compile-time requirement and will fail when the env var is absent; change it to
a runtime lookup using std::env::var("CARGO_TARGET_TMPDIR") and fall back to
std::env::temp_dir() when the var is Err, then pass that Path (or PathBuf) into
TempDir::new_in so TempDir::new_in(target_tmp) no longer depends on a
compile-time env!.

In `@crates/zk-prover/tests/onchain_verification_tests.rs`:
- Around line 219-226: The current conversion from onchain_public_signals to
public_inputs uses chunks(32) which silently right-pads a short final chunk and
corrupts the last field element; change the logic to use chunks_exact(32) (or
check that onchain_public_signals.len() % 32 == 0) and assert or error if there
is a non-empty remainder so you never accept a short final chunk; update the
code building FixedBytes (the map that calls FixedBytes::from on buf) to iterate
only over exact 32-byte chunks (e.g., using chunks_exact and checking
.remainder().is_empty() or explicitly validating the length) and fail fast if
the input length is not a multiple of 32.

In `@scripts/build-circuits.ts`:
- Around line 328-329: The argument parsing branch for '--oracle-hash' currently
assigns args[++i] directly to options.oracleHash which can be undefined and
silently override the default; update the parsing logic in the same parse loop
so you first peek at args[i+1], validate it's defined and not another flag, and
only then consume it (increment i and set options.oracleHash); if it's missing
or invalid, throw a clear error or exit with a message indicating the missing
value for '--oracle-hash' so the default ('keccak') isn't overwritten silently
(refer to options.oracleHash, args and the '--oracle-hash' branch).

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (2)

crates/zk-prover/tests/local_e2e_tests.rs (1)

435-439: Consider tracking the e_sm commitment skip as a follow-up issue.

The comment explains the mismatch (SEARCH_N = 100 vs. committee size 5), but this silently drops test coverage for the smudging-noise commitment. If this is a known limitation, it might be worth creating an issue to reconcile the parameter mismatch and re-enable this check.

Would you like me to open a tracking issue for reconciling the Bounds::compute / Noir-config committee-size mismatch and re-enabling the e_sm commitment assertion?

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@crates/zk-prover/tests/local_e2e_tests.rs` around lines 435 - 439, Add a
follow-up tracking issue to record and resolve the skipped e_sm commitment
assertion: create an issue that describes the mismatch between Bounds::compute
using SEARCH_N (100) for the smudging bound and the Noir circuit's committee
size (5), the resulting packing/bit-width discrepancy that causes the e_sm
commitment check to be skipped in local_e2e_tests.rs, and a proposed plan
(investigate making Bounds::compute use the Noir committee-size, or parameterize
both places, and re-enable the e_sm assertion). Reference the test location
(e_sm commitment check in crates/zk-prover/tests/local_e2e_tests.rs), the
involved symbols (Bounds::compute, SEARCH_N, e_sm), expected behavior, and
attach the test snippet or link to the PR so the follow-up can track fixing the
parameter mismatch and re-enabling the check.

crates/events/src/enclave_event/signed_proof.rs (1)

294-313: Test covers the key renamed mappings but omits T6DecryptedSharesAggregation.

Consider adding an assertion for T6DecryptedSharesAggregation → DecryptedSharesAggregationBn to lock in the mapping.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@crates/events/src/enclave_event/signed_proof.rs` around lines 294 - 313, Add
a test assertion to cover the missing mapping for the renamed key: call
ProofType::T6DecryptedSharesAggregation.circuit_name() and assert it equals
CircuitName::DecryptedSharesAggregationBn so the mapping is locked in alongside
the other ProofType assertions in proof_type_circuit_name_mapping().

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@crates/events/src/enclave_event/proof.rs`:
- Around line 70-73: The CircuitName enum's as_str() returns the same string for
DkgShareDecryption and ThresholdShareDecryption, causing identical output from
the Display impl and possible collisions; update the as_str() match arm for
CircuitName::DkgShareDecryption to return a distinct value (e.g.,
"dkg_share_decryption") so Display (which delegates to as_str()) and any
lookups/deserializations are unambiguous—check the as_str() method and the
Display impl to ensure they now produce distinct strings while leaving
dir_path() behavior unchanged.

---

Nitpick comments:
In `@crates/events/src/enclave_event/signed_proof.rs`:
- Around line 294-313: Add a test assertion to cover the missing mapping for the
renamed key: call ProofType::T6DecryptedSharesAggregation.circuit_name() and
assert it equals CircuitName::DecryptedSharesAggregationBn so the mapping is
locked in alongside the other ProofType assertions in
proof_type_circuit_name_mapping().

In `@crates/zk-prover/tests/local_e2e_tests.rs`:
- Around line 435-439: Add a follow-up tracking issue to record and resolve the
skipped e_sm commitment assertion: create an issue that describes the mismatch
between Bounds::compute using SEARCH_N (100) for the smudging bound and the Noir
circuit's committee size (5), the resulting packing/bit-width discrepancy that
causes the e_sm commitment check to be skipped in local_e2e_tests.rs, and a
proposed plan (investigate making Bounds::compute use the Noir committee-size,
or parameterize both places, and re-enable the e_sm assertion). Reference the
test location (e_sm commitment check in
crates/zk-prover/tests/local_e2e_tests.rs), the involved symbols
(Bounds::compute, SEARCH_N, e_sm), expected behavior, and attach the test
snippet or link to the PR so the follow-up can track fixing the parameter
mismatch and re-enabling the check.

[0xjei]

check the commentsssss good j